Quiz by Diederik Merkens, created more than 1 year ago

This is the first quiz about 27002

Created by Diederik Merkens more than 4 years ago

ISO 27002 quiz part 1

Question 1 of 10

What does the Information Security Policy describe?

Select one of the following possible answers:

  • which InfoSec-controls have been selected and taken

  • how the InfoSec-objectives will be reached

  • what the implementation-planning of the information security management system is

  • which Information Security-procedures are selected

Question 2 of 10

Select the correct option from the drop-down menu to complete the text.

In the context of contact with special interest groups, any information sharing agreements should identify requirements for the protection of ( topic-specific, public, confidential ) information.

Question 3 of 10

Responsibilities for information security in projects should be defined and allocated to:

Select one of the following possible answers:

  • the project manager

  • specified roles defined in the used project management method of the organization

  • the InfoSec officer

  • the owner of the involved asset

  • the manager of the business domain in which the project is carried out

Question 4 of 10

For organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered.

Select one of the following:

  • TRUE
  • FALSE

Question 5 of 10

Select the correct option from the drop-down menu to complete the text.

Prior to employment, ( screening, awareness training, trial period ) as well as terms & conditions of employment are included as controls in ISO 27002 to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.

Question 6 of 10

Employees and contractors may be provided with an anonymous reporting channel to report violations of information security policies or procedures (“whistle blowing”).

Select one of the following:

  • TRUE
  • FALSE

Question 7 of 10

The identified owner of an asset is always an individual

Select one of the following:

  • TRUE
  • FALSE

Question 8 of 10

Who is accountable to classify information assets?

Select one of the following possible answers:

  • the CEO

  • the CISO

  • the asset owner

  • the Information Security team

Question 9 of 10

Select the correct option from the drop-down menu to complete the text.

Physical labels and ( data encryption, metadata, digital folders ) are two common forms of labelling which are mentioned in ISO 27002.

Question 10 of 10

What should be used to protect data on removable media if data confidentiality or integrity are important considerations?

Select one of the following possible answers:

  • backup on another removable medium

  • a password

  • logging

  • cryptographic techniques
